Security FAQ

Security FAQ  

How does Embedded Trust/C-Trust use specific security features of the target MCU?
The Secure Boot Manager (SBM) that is generated by Embedded Trust has been designed by Secure Thingz such that it takes full advantage of the security features of the targeted MCU. Minimum features that are utilized by the SBM are, secure memory, device lockdown (such as disabling JTAG), and immutable boot capability. Additional hardware features such as a secure enclave/island increase the overall security of the end product.

Can only MCUs with onboard unique IDs be used for security?
No. If a targeted MCU does not have a Unique ID, the Security Context can be configured such that a random number is generated as a substitute for the unique ID. Currently, most secure MCUs have a unique UUID included.

What is the footprint of the Secure Boot Manager in general?
The size of the secure boot manager varies dependent of target device (page size of embedded flash) and configuration. Typical sizes are between 15K and 50K.

How does this system work for low power applications?

The same as it does for all other systems.  The Secure Boot Manager only activates when the device powers up.  It can be configured to only activate after a certain number of power-on resets if you so choose. You have full source code to the Secure Boot Manager to configure it as you wish.

Do you get access to the Secure Boot Manager source code with the Embedded Trust license?
Yes, you do.

How does Embedded Trust help with securing Over the Air updates?

The output of the mastering process is an encrypted package that can be delivered to the target under application control, including download from a cloud service. The application writes the encrypted package to a suitable memory location. The Secure Boot Manager can be configured to provide one or more update slots for such update packages. Once delivered our Secure Boot Manager will handle the security procedure of checking the package prior to decrypting and flashing into the user application area, and resetting the target as needed.

Are the certificates generated by Embedded Trust x.509 compliant?

Yes.

How extensive are the instructions and examples documented for these tools?
We have quick start guides and videos to help you get started quickly and a comprehensive manual detailing with all the various features and options of the tools.

I have no previous experience at all to deploy secure connected devices. If I buy Embedded Trust what is the learning curve?

The main goal with Embedded Trust is to make it as simple as possible to add security to your products. To add a SBM project to an application, set up the PKI structure with keys and certificates and run on a development board should take a matter of minutes. 

My company already has a Public Key Infrastructure (PKI) in place, how do I integrate Embedded Trust?

Embedded Trust will support Certificate Signing Requests (CSRs) towards an external Certificate Authority and can leverage an existing PKI. Certificates and keys can be imported by the tool and bound to Embedded Trust-created certificates.

Is Embedded Trust only useful for connected applications?

No, the environment is beneficial to anyone who wants to protect their IP from overproduction or counterfeiting.

© IAR Systems 1995-2019 - All rights reserved.

We use cookies on this website to provide you with a better experience. You need to accept cookies to continue using this site. Cookies